Description
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.
Remediation
References
Related Vulnerabilities
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24598)
Oracle Application Server Other Vulnerability (CVE-2000-0169)
Serendipity Other Vulnerability (CVE-2005-1452)
WordPress Plugin Simple File Downloader Cross-Site Scripting (1.0.4)
WordPress Plugin Attach Gallery Posts Cross-Site Scripting (1.6)